USG110 & L2TP / IPSec with IKEv2

mrwee
mrwee Posts: 40  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited April 2021 in Security
Hi. I'm struggling to get IKEv2 implemented on my USG110. I can get my iPhone to connect well enough, but I can't seem to get both LAN & internet access at the same time. I've previously had IKEv1 working, so I just copied the Policy Routing & Control to the newly created VPN elements. But it doesn't work. I've tried changing the "Local Policy" under the VPN Connection, but no setting have provided both.

Is there a complete example somewhere?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @mrwee,

     

    You can follow the instructions in the attached document to configure IKEv2.

    Create a policy route for Internet access.


  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Thank you. This looks very useful. In trying to make this work, I've fiddled with "Use Policy Route to Security control dynamic IPSec rules". Is it correctly understood that if this is enabled, then no Policies needs to be configured manually? Even if I use Policy Routing (Under network)?

    Thanks for your support, it's great to have this forum!
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @mrwee,

     

    The ZyWALL creates routes for dynamic VPN automatically.

    You can create and use policy routes to control IPSec traffic if "Use Policy Route to control dynamic IPSec rules" is enabled.

    This feature provides more flexible management for IPSec VPN dynamic peer.

  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    Ok, thanks for the clarification. I still haven't got it working, but I'll try to troubleshoot it.

Security Highlight